Glossary
Account Takeover Fraud (ATO)
Unauthorized access to an online account usually obtained through compromised credentials.
Brand Abuse
Unauthorized use of an organization’s brand to delude customers with counterfeiting, social media spoofing, look-alike domain registrations, and other trademark infringements.
Browser-Blocking
A method of threat mitigation designed to block access to a website determined to be a security threat to web browsers and site visitors.
Compromised Credentials / Leaked Credentials
Credentials obtained by someone other than the owner. These compromised credentials could be usernames, passwords, and any other authentic credentials exposed from a cybersecurity breach and sold on the dark web for nefarious purposes.
Counterfeit Fraud
Imitating legitimate brands to steal or deceive customers into giving them money.
Credential Theft
Illegally obtaining usernames and passwords to get access to networks, systems, or other online accounts.
Crimeware
A type of malicious software designed to carry out or facilitate illegal online activity including stealing bank information.
Cyber Squatting
Using a domain name with bad intent to profit from a legitimate trademark.
Dark Web
Also known as the darknet, is part of the internet that requires special means of accessing including special software or other configurations for anonymous entry. The dark web has long been considered a place for nefarious activity and possesses many legal barriers for law enforcement agencies.
Dark Web Forum
Online discussion boards hosted on the dark web anonymously that often attract discussions and exchanges associated with illegal and sensitive behavior.
Deep Web
Parts of the internet not indexed by everyday search engines. This may include password-protected, encrypted, or other protected sites. Examples of deep web content include medical records, academic databases, financial records, etc.
Deposit Fraud
The process by which a threat actor has taken over someone's banking credentials to then make fraudulent deposits into an account.
Digital Risk Protection (DRP)
Comprehensive visibility through products and solutions that collects massive amounts of data across the open, deep, and dark web to protect an organization from external threats.
DMCA Takedown
A threat takedown, supported by the Digital Millennium Copyright Act (DMCA), that protects copyrighted digital content, and enabling right holders to request the removal of infringing content from websites and social media platforms.
Domain Squatting
The act of purchasing a generic top-level domain (gTLD) to block someone else from registering it, thereby profiting from reselling it, or for selling ads.
Domain Takedown
The process of directly collaborating with domain registrars to deactivate malicious domains thereby mitigating the risks they pose.
Executive Impersonation
Threat actors masquerading as executives on social media or through the use of Business Email Compromise (BEC) for the purposes of stealing credentials, damaging popular brands, or causing financial damage.
Fake Mobile App
Impersonation of a legitimate app to steal data, such as login information, deliver malware, and carry out other malicious goals by threat actors.
Fake Social Media Profile
An impersonated profile of a person or brand.
Fraud Intelligence
Intelligence gathered to discover and prevent online fraud.
Look-alike Domain
A spoofed domain intended to fool users into thinking it’s the legitimate domain. The domain can look like the real domain but may have subtle differences, ex: “0” versus “o.”
Online Impersonation
A purposeful spoof of a brand, executive, or employee with intent to sway opinion or fool victims into performing an action.
Open Web
The internet used by billions every day to shop, read, entertain, and more.
Paste Site
A website used most often by multiple code developers designed to allow the uploading and sharing of files, scripts, and code snippets.
Phishing
Fraudulent attempt to get sensitive data such as usernames, passwords, and credit card details by disguising as a trustworthy entity through digital communications.
Phishing Site Takedown
The act of toppling a phishing website from the internet to mitigate cyber threats.
Phishing Website
A hoax website built to mimic reputable brands with the intention of misleading readers to give up personal data such as usernames, passwords and financial information.
SEO Poisoning
A practice by threat actors to bend search engine results pages (SERPs) to their malicious websites for cyberattack tactics.
Social Media Gripe Site
A website or platform designed for users to post negative complaints and feedback targeting specific individuals, organizations, or products.
Social Media Spoofing
Impersonating a social media account created to mislead or trick people for malicious intent. Threat actors will use profile photos and usernames similar to the account they are spoofing.
Source Code Leak
An exposure of source code data or snippets including operating system or application code.
Takedown API
A process of digital threat mitigation that enables organizations to automate the process of submitting and managing site and post takedown requests that have infringed their copyrighted content or intellectual property.
Threat Mitigation
Assessing vulnerabilities to create proactive measures to keep threats at bay while staying vigilant for potential risks.
Top Level Domain (TLD)
The portion directly to the left of .com in a domain.
Typo Squatting
Also known as URL hijacking, a sting site or fake URL. This is a form of brand hijacking, often used in malicious look-alike domains, that relies on typos made by users typing a particular URL – leading them to a fake website.
Zone File
Also Domain Name System (DNS) zone file, is a text file that describes a DNS zone, and a mapping between domain name and IP addresses.